I ran the new verification code against a large number of certificates
with a huge (>1000) number of intermediates.
I had previously convinced myself that a cycle in the certificate
graph implied a cycle in the hash graph (and thus, a contradiction).
This is bogus because the signatures don't cover each other.
Secondly, I managed to drive the verification into a time explosion
with a fully connected graph of certificates. The code would try to
walk the factorial number of paths.
This change switches the CertPool to dealing with indexes of
certificates rather than pointers: this makes equality easy. (I didn't
want to compare pointers because a reasonable gc could move objects
around over time.)
Secondly, verification now memorizes the chains from a given
certificate. This is dynamic programming for the lazy, but there's a
solid reason behind it: dynamic programming would ignore the Issuer
hints that we can exploit by walking up the chain rather than down.
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4439070
Used to fault trying to access l->list->next
when l->list == nil after MCentral_AllocList.
Now prints
runtime: out of memory: no room in arena for 65536-byte allocation (536870912 in use)
throw: out of memory
followed by stack trace.
Fixes#1650.
R=r, dfc
CC=golang-dev
https://golang.org/cl/4446062
This change will allow to generate valid executable,
even if rsc disables dwarf generation, as it happend
at revision 9a64273f9d68.
R=rsc
CC=golang-dev, lvd, vcc
https://golang.org/cl/4425066
Also, 6g was passing uninitialized
Node &n2 to regalloc, causing non-deterministic
register collisions (but only when both left and
right hand side of comparison had function calls).
Fixes#1728.
R=ken2
CC=golang-dev
https://golang.org/cl/4425070
Will fill dashboard down the screen instead of up
when builders get stuck and resume. Already live.
Also delete dead benchmark code.
I think it is safe to say that if/when we bring
benchmarks back, we will use a different
data model.
Fixes#1228.
R=adg
CC=golang-dev
https://golang.org/cl/4449059
This permits the websocket handler to inspect http headers and such.
Fixes#1726.
R=ukai, bradfitz, bradfitzgo
CC=golang-dev
https://golang.org/cl/4439069
Set mailed bit correctly for self-clpatch.
Use repo.rollback correctly.
Allow leading spaces in some C code.
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/4438064
The unexported version returns a sensible default when the user hasn't
set a value. The exported version crashes in that case.
R=bradfitzgo, rsc1
CC=golang-dev
https://golang.org/cl/4435070
The path conversion is done automatically if msys' builtin
shell commands are used.
R=rsc1, peterGo, brainman, Mr_Dark, r
CC=golang-dev
https://golang.org/cl/4452042
Static symbols were not being marked as such.
I also made the 'z' symbols use the first byte of
the name instead of an explicit NUL so that if
the symbol table format is ever changed, the only
place that would need updating is addhist().
R=rsc
CC=golang-dev
https://golang.org/cl/4366047
Having the test be in the container/heap package yields a cycle
container/heap (for the test)
-> testing
-> time
-> container/heap (for timerHeap)
Occasionally the linker would get mixed up, resulting in a test panic
in a very weird place.
R=rsc, r2
CC=golang-dev
https://golang.org/cl/4395042
With full multi-prime support we can support version 1 PKCS#1 private
keys. This means exporting all the members of rsa.PrivateKey, thus
making the API a little messy. However there has already been another
request to export this so it seems to be something that's needed.
Over time, rsa.GenerateMultiPrimeKey will replace rsa.GenerateKey, but
I need to work on the prime balance first because we're no longer
generating primes which are a multiples of 8 bits.
Fixes#987.
R=rsc
CC=golang-dev
https://golang.org/cl/4378046
Only for Unix presently. Other operating systems
are stubbed out, as well as arm (lacks cgo).
R=rsc, r, bradfitzwork
CC=golang-dev
https://golang.org/cl/4440057
